Strong OT cybersecurity programs aren’t built on tools alone, they're built on strategy, communication, and smart investment.

In this episode of Protect It All, host Aaron Crow is joined by cybersecurity expert Don C. Weber for a candid, real-world discussion on what it actually takes to build and sustain effective security programs across IT and OT environments.

From CapEx vs OpEx decisions to the growing role of AI in both attack and defense, this conversation cuts through the noise and focuses on what drives real outcomes: understanding business workflows, aligning with leadership, and developing the soft skills needed to turn strategy into action.

You’ll learn:

• Why budgeting (CapEx vs OpEx) directly impacts security success
• The underrated power of soft skills in driving security programs
• How to connect cybersecurity efforts to business value and operations
• The role of pen testing and assessments in improving maturity
• Where AI adds value and where it introduces new risk
• How training and process understanding strengthen long-term resilience

Whether you’re building a new security program or scaling an existing one, this episode delivers practical, experience-driven insights to help you make smarter decisions and drive real impact.

Tune in to learn how to align strategy, people, and investment for stronger OT cybersecurity only on Protect It All.

Key Moments:

05:49 Technical skills and security requirements

09:10 Understanding data workflows

12:29 Building a vulnerability management program

13:26 Understanding organizational decision history

17:44 Budgeting challenges with CAPEX and OPEX

21:36 Steps in a security assessment

24:17 Starting a cybersecurity program

28:02 Prioritizing remote access security

31:21 Discussing AI's impact on cybersecurity

32:55 Using AI in cybersecurity

38:07 AI simplifying complex knowledge

40:35 AI tools making data queries easier

45:02 Detecting and responding faster

46:05 Networking and shared experiences

About the guest:

Don C. Weber is a visionary cybersecurity leader who helps defenders safely prove security where it matters most in industrial operations. He is a SANS Principal Instructor, Founder of Cutaway Security, co-author of SANS ICS613: ICS/OT Penetration Testing & Assessments, and he also teaches SANS ICS410: ICS/SCADA Security Essentials to SANS student around the world. He brings years of field work into creating step-by-step labs and planning methods teams can use right away.

How to connect Don:

LinkedIn: https://www.linkedin.com/in/cutaway/

Cutaway Security: https://www.linkedin.com/company/cutaway-security-llc

CutSec Github: https://github.com/cutaway-security

CutSec GasPot HMI Lab: https://github.com/cutaway-security/gaspot-hmi-lab

SANS ICS ICS613 ICS/OT Penetration Testing and Assessments: https://www.sans.org/cyber-security-courses/ics-ot-penetration-testing-assessments

Connect With Aaron Crow:

• Website: www.corvosec.com
• LinkedIn: https://www.linkedin.com/in/aaronccrow

L...